The bad guys hate perfect, so we should be working with consumers to stop them.

I deal with the ugly aftermath of one type of cybercrime, helping consumers recover from identity theft. As a result, I am passionate about letting consumers know about online and real world sources of the crime.
Organizations like mine are joining forces to recruit consumers – who are also your customers and employees – in the fight against cybercrime. Expect to see major public education outreach in October as National Cyber Security Week, an initiative of the National Cyber Security Alliance, a month that also features Protect Your Identity Week, a coalition spearheaded by the National Consumer Counseling Association.

There are also professional organizations, like the Anti-Phishing Working Group and the Online Trust Alliance, that develop ideas and solutions to educate and arm consumers.

The obstacles to engaging consumers in the fight against cyber crime are enormous – more about that next time – but we ignore consumers at our peril. I encourage you to consider joining professional organizations like these. In this fight, it takes an army.

High Rate of Fraud and Identity Theft Revealed
Infosecurity Europe researcher’s have conducted a survey revealing that, out of 1,000 London commuters, 44% had been victims of bank/credit card fraud and 42% had had their identity stolen. Those who were victims of such crime lost an average of £1,448, and had a 37% chance of not getting their money back from their bank. The chances of getting the money back is largely dependent upon the sum that has been stolen, with more than nine out of 10 getting it back if the stolen amount exceeded £5,000, but only 41% getting it back if they lost £100 or less. Read the full Banking Times article here.

How Well Do Hospitals Protect Your Data? Abysmally
A just released survey of about 200 compliance executives in hospitals from around the country shows that data breaches and medical identity theft continue to soar. While these survey results are from a vendor that sells identity protection services – and they have a vested interest in painting as bad a picture as possible: if the survey results are halfway on target we’ve witnessed what as a significant problem become an abysmal failure in the past were 0 when it comes to hospitals protecting patient information. Read the full InformationWeek blog post here.

For Cyber Gangs, Fooling Google Isn’t That Hard to Do
Within security circles, they refer to the practice as social engineering, shorthand for a con game where unsuspecting employees get tricked into divulging important corporate information. And it works more times than you might assume. The most recent case: the coordinated January cyber attack against computer networks run by Google and at least 20 other big companies. In what’s since become known as Operation Aurora, corporate computer systems were penetrated after users innocently called up malicious web pages that they believed to be legitimate. Read the full CBS News article here.

Global Cybercrime Treaty Rejected at U.N.
A proposal for a treaty on global cybercrime was rejected last week by the United Nations. The proposal was discussed for 10 days at the 12th pentennial UN Crime Congress in Salvador, Brazil, but ended up a stalemate as Russia, China and a number of developing countries could not reach agreement with the United States, Canada, the U.K. and the European Union. As cybercrime develops into a major international scourge, efforts over the past 10 years among world powers have sought to broaden policing policies to allow law enforcement agencies to reach across national borders in pursuit of criminals. Read the full SC Magazine article here.

70% Of IT Security Pros Favor A Federal Data Breach Law
Seventy percent of IT security professionals believe that the federal government should pass data breach / data privacy legislation that overrides the current patchwork of state legislation, according to a recent survey by nCircle, the leading provider of automated security and compliance auditing solutions. The online survey of 257 security professionals was conducted between February 4 and March 12, 2010, and covered a range of security topics including smartphones, healthcare, cloud computing and social media. Read the full press release here.

These are very reassuring words. And frankly we have needed a leader to take an aggressive approach to dealing with cyber crime. As we all know though, this a very complex issue and many cultural issues are at play. You may recall our post last year about how hackers in Russia are perceived as being heroes because they rob from the “greedy westerners.” And, we definitely urge you to check out the 60 Minutes segment in that post as well.

What do you all think? Alexander had some strong, and much needed words. And, the good news is that there seems to be some action behind this words. Check out this article about the Air Force doing cyber war training.

Countrywide Sued For Data Breach
In a case that may be tied to an earlier insider data breach, Countrywide Financial has been slapped with a $20 million class action suit. The suit, filed by 16 former Countrywide customers in Ventura County Court, CA, charges that Countrywide Financial employees took and then sold tens of thousands or millions of its customers personal data files and exposed them to identity theft. This case comes nearly two years after a Countrywide employee was charged with stealing the identities and personal information of two million of the firm’s mortgage loan applicants. Rene Rebollo, a senior financial analyst at one of Countrywide’s California-based subprime lending divisions, took the information over a period of two years. This happened before Bank of America bought Countrywide in 2008. Read the full BankInfoSecurity article here.

Cybercriminals Prey on the Unemployed
Cybercrime is being used more and more to pay for…. cybercrime. The Wall Street Journal reports federal law enforcement has started to track increasingly common scams called “mule operations.” US job seekers are “hired” to buy things like expensive electronics, and ship the goods overseas, where scam operators sell them. In the end, the job applicants end up with neither a job nor a paycheck. A federal law-enforcement official said authorities have seen these types of fraudulent transactions fueling other cybercrime operations. Listen to the Fed News Radio Cybersecurity update here.

The Age of Data Privacy
In recent years, data privacy failures have harmed dozens of companies and become commonplace on the front pages of newspapers around the world. High-profile cases invite more regulatory activity, as well as scrutiny from customers and employees. In addition, companies face the challenge of managing a greater volume of sensitive information, created by increasing digitization of employee, health, financial, and other personal data. Read the full BusinessWeek story here.

After Google-China Dust-Up, Cyberwar Emerges as a Threat
Few events have crystallized U.S. fears over a cyber catastrophe, or brought on calls for a strategic response, more than the recent attacks against Google and more than 30 other tech firms. The company’s disclosure in January that it was attacked by China-based hackers — and its subsequent decision to scale back operations there — have stoked long-standing fears over the ability of cyber adversaries to penetrate commercial and government networks in the U.S. If a full-fledged cyberwar were to break out, the nation’s economy would be hit hard. Banks might not be able function, electricity, water and other utilities could be shut off, air travel would almost certainly be disrupted, and communications would be spotty at best — in a word, chaos. Read the full SF Chronicle article here.

New Law Aims to Shore Up Retail Data Security
Washington last week became the third state to pass legislation that will allow banks to recover certain costs and damages from retailers and credit card processors that suffer data breaches after failing to comply with current Payment Card Industry (PCI) standards. The law, which goes into effect on July 1 in Washington, follows similar laws passed in the states of Minnesota and Nevada and marks a fundamental change in the way government and private sector industries assign responsibility and accountability for preventing identity theft. Read the full eSecurity Planet article here.

New York Announces Data Privacy Day To Protect Residents From Identity Theft
Governor David A. Paterson and several New York State agencies are today joining with government officials from across the United States and 27 European countries, privacy professionals, academics, legal scholars, representatives of international businesses, and others to promote understanding of privacy best practices and rights through the observance of National Data Privacy Day. As part of the commemoration, Governor Paterson issued a proclamation declaring January 28, 2010 Data Privacy Day in New York State. Governor Paterson noted that the New York State Consumer Protection Board (CPB), the State’s Chief Information Officer/Office for Technology (CIO/OFT) and the State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC) are all working to protect residents from identity theft and to address consumer and business concerns regarding data privacy and security issues. Read the full Gov Monitor article here.

Can We Stop the Global Cyber Arms Race?
In a speech this month on “Internet freedom,” Secretary of State Hillary Clinton decried the cyberattacks that threaten U.S. economic and national security interests. “Countries or individuals that engage in cyber attacks should face consequences and international condemnation,” she warned, alluding to the China-Google kerfuffle. We should “create norms of behavior among states and encourage respect for the global networked commons.” Perhaps so. But the problem with Clinton’s call for accountability and norms on the global network — a call frequently heard in policy discussions about cybersecurity — is the enormous array of cyberattacks originating from the United States. Until we acknowledge these attacks and signal how we might control them, we cannot make progress on preventing cyberattacks emanating from other countries. Read the full Washington Post Op-Ed here.

Critical Infrastructure Vulnerable To Attack
Executives at corporate operators of critical infrastructure — power, water, oil, telecom, finance, and transportation companies — say that their networks face relentless attacks from cybercriminals and foreign governments, a situation that amounts to an undeclared cyberwar. Last week, McAfee, a security vendor, published a cyber security report authored by the Center for Strategic and International Studies (CSIS), a public policy research group. Read the full InformationWeek article here.

Many Haitians Concerned About Identity Theft
Victims of Haiti’s earthquake are dealing with yet another painful reality as they struggle to get back on their feet. Many have no identification to prove who they are and they’re afraid they could become victims of identity theft. There are tiny signs that life is slowly returning to normal in Haiti. However, there are even bigger signs of just how slow that recovery is. Read more here.

Internal Data Breaches a Rarity, Study Finds
Internal data breaches might keep CSOs awake at night, but they appear to be a rare event, a university analysis of reported UK compromises has found. In the UK Security Breach Investigations Report the University of Bedfordshire crunched data on incidents reported to forensics firm 7Safe, finding that the overwhelming majority came from external sources. Of the 62 breaches 7Safe was called in to investigate across a range of sectors, 80 percent were found to be external in origin, 18 percent came from business partners, leaving only 2 percent to be blamed on insiders. Read the full ComputerWorld article here.

- It was announced that air traffic networks are vulnerable
- The Pentagon detected 360 million attempts to penetrate its networks in 2008
- The U.S. power grid was hacked into
- Computer spies broke into the Pentagon’s $300 billion Joint Strike Fighter project – DoD’s costliest weapons program to date
- The FBI says that stopping cyber criminals is like playing a game of “whack a mole”
- Obama administration issued a 60-day cyber review; is planning on announcing a cyber czar position.

So after all this — and this is only the tip of the ice berg — Booz Allen issues a report saying that we need to strengthen cyber security? Certainly coming to the party a bit late…don’t you think?

The key to success, according to the special agent, is transnational police cooperation where law enforcement from many countries works together to bring these bad guys down. But, it is still a game of luck. Check out this paragraph from the article:

“Shutting them down is a matter of luck and perseverance and security experts liken the effort to a game of Whac-a-Mole, where underground forums easily emerge to serve as clearing houses or virtual supermarkets for myriad criminal activities over the Internet.”

Kudos to ZDNet for getting access to the FBI and giving us this glimpse into what is being done to address the global cybercrime issue. However, we get the strong sense that it’s all about luck and the bad guys will always be one-step ahead. The U.S. has developed the most advanced security technologies and policies. So, why does it come down to luck and partnering with other nations to win this battle? Welcome all thoughts and comments.